Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Caldera OpenLinux DocView Meta-Character Filtering Vulnerability

Caldera OpenLinux DocView Meta-Character Filtering Vulnerability

by phiber on July 19th, 2001 It is possible to execute arbitrary commands through the interface. The interface does not sufficiently validate input, which could lead to the passing of special characters, and execution of commands as the HTTP user.


This makes it possible for a remote user to execute arbitrary commands, and potentially gain local access to the affected system


Details:
docview is a proprietory package included with Caldera OpenLinux, and is licensed under the GPL. It is designed to allow viewing of man pages view an HTTP interface.



Solution:

Download a new version.

Caldera OpenLinux Server 3.1:



Caldera OpenLinux Workstation 3.1:





from Securityfocus


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »